Jump to content

Archived

This topic is now archived and is closed to further replies.

j_freeman

PHP passed cause CSS stylesheet to be ignored

Recommended Posts

I've been looking all day on the Web, trying to figure this one out. I'm hoping someone will be able to just give me a good slap and that'll be the end of it.

Anyway, PHP code passed to a script can cause linked stylesheets to be ignored by the browser, even if the value is not used. For instance, consider this pure XHTML saved with a PHP extension (test.php):

[code]<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link href="style.css" rel="stylesheet" type="text/css" />
<title>test</title>
</head>
<body><p>Hello, World!</p></body>
</html>[/code]

With a style.css like this:
[code]body
{
font-family: sans-serif;
font-size: 2em;
text-align: center;
color: white;
background-color: black;
}[/code]

If you were to call [font=Courier New]test.php?test=hello[/font], styles would be applied. However, if you were to call [font=Courier New]test.php?test=<?php echo('Hello'); ?>[/font], no styles would be applied. It doesn't matter if the value passed is used or not--the result is the same.

Here is a demo of it in action:
http://www.haikuhost.com/misc/test.php?test=abcdef
[url=http://www.haikuhost.com/misc/test.php?test=<?php echo("What is the problem?"); ?>]http://www.haikuhost.com/misc/test.php?test=<?php echo("What is the problem?"); ?>[/url]  (May need to refresh your browser for the style to go away, if it was cached by the previous link.)

I've tried this on two different servers, both running PHP 4.4.2. One runs Apache 1.3.34 and one 1.3.36; it only happens with the one running 1.3.34.

Share this post


Link to post
Share on other sites
What exactly are you trying to do? I think I'm missing "the point".

Share this post


Link to post
Share on other sites
[quote author=pixy link=topic=100525.msg396803#msg396803 date=1152846199]
What exactly are you trying to do? I think I'm missing "the point".
[/quote]

One of my scripts' CSS breaks when a user tries to search for PHP code; that's "the point". :) (And yes, URL-encoding is performed but doesn't cut it.)

Share this post


Link to post
Share on other sites
That looks like a bogus URL.

I tested it with FireFox with the LiveHeaders extension. After the refresh I'm getting back "403 Forbidden" from your server.

What happens if you have the same source but name it ".html" so PHP isn't invoked?

Ken

Share this post


Link to post
Share on other sites
[quote author=kenrbnsn link=topic=100525.msg396805#msg396805 date=1152846555]
That is a bogus URL.

I tested it with FireFox with the LiveHeaders extension.[/quote]

Try this URL-encoded one instead, then, and run your extension on it:
http://www.haikuhost.com/misc/test.php?test=%3C?php%20echo(%22What%20is%20the%20problem?%22);%20?%3E

[quote]After the refresh I'm getting back "403 Forbidden" from your server.[/quote]

Strange.

[quote]What happens if you have the same source but name it ".html" so PHP isn't invoked?

Ken
[/quote]

I haven't tried it, but that's beside the point, as this is simply a demonstration of the problem I'm having in script that must be parsed (see my reply to pixy).

Share this post


Link to post
Share on other sites
I saw your reply after I posted my reply. The URL-encoded URL is the one giving me the 403 Forbidden  return. I do see the unformatted "Hello World" on my screen.

The reason I asked if a file with the .html extension does the same thing, is that if it does, then we can rule out PHP as the cause. I believe this will turn out to be the case, since you have no PHP code in your source at all, so PHP isn't really being invoked.

Ken

Share this post


Link to post
Share on other sites
[quote author=kenrbnsn link=topic=100525.msg396811#msg396811 date=1152847236]
I saw your reply after I posted my reply. The URL-encoded URL is the one giving me the 403 Forbidden  return. I do see the unformatted "Hello World" on my screen.[/quote]

Hmm, even stranger. I get 200 here. And at work. And at at a friend's.

Is the 403 when requesting test.php, or when your browser requests style.css?

[quote]The reason I asked if a file with the .html extension does the same thing, is that if it does, then we can rule out PHP as the cause. I believe this will turn out to be the case, since you have no PHP code in your source at all, so PHP isn't really being invoked.[/quote]

That's what I was thinking. But considering that the same data is being sent to the browser, how could it be Apache? Perhaps the PHP causes Apache to deny the subsequent request for the stylesheet?

I've posted at my host's forums to see what they have to say about this.

Share this post


Link to post
Share on other sites
It's coming back on the request for the stylesheet, which would explain why there is no formatting being done.

Ken

Share this post


Link to post
Share on other sites
[quote author=kenrbnsn link=topic=100525.msg396821#msg396821 date=1152847983]
It's coming back on the request for the stylesheet, which would explain why there is no formatting being done.

Ken
[/quote]

I was hoping that wasn't the cause. ;D Now I'm off to find out why Apache does this.

Anyway, thanks for your help, kensbnsn. :) (I'd give you some positive karma but SMF is foreign to me.)

Share this post


Link to post
Share on other sites
I just tried your code on my laptop (xampp: Apache 2.0.54, php 5.0.5) and it runs fine. So there is something funny going on with your server.

Ken

Share this post


Link to post
Share on other sites
http://www.haikuhost.com/misc/test.php?test=<?php echo("What is the problem?"); ?>

Um we cant run this link its a server side thing
it would be more like this
http://www.haikuhost.com/misc/test.php?test=whatisurproblem

Share this post


Link to post
Share on other sites
I think you just click on the [nobbc][grace] or [smite][/nobbc] links under the Karma on one of my posts Grace is for positive feedback, smite, negative.

Ken

Share this post


Link to post
Share on other sites
The link is fine -- I've been testing it for a while. His CSS file is a normal CSS file, i.e. it's not being processed by PHP. At least I don't think it is, but if it were and that header wasn't in it, it wouldn't work at all.

Ken

Share this post


Link to post
Share on other sites
[quote author=kenrbnsn link=topic=100525.msg396833#msg396833 date=1152848709]
I think you just click on the [nobbc][grace] or [smite][/nobbc] links under the Karma on one of my posts Grace is for positive feedback, smite, negative.

Ken
[/quote]

It seems I need some karma to give karma, as I see no links like that. Oh well, real karma is better for you anyway. ;D

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.